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however, the Examiner believes that there are any 
unresolved issues, or believes that some or all of the 
claims are not in condition for allowance, the applicants 
respectfully request that the Examiner contact the 
undersigned to schedule a telephone Examiner Interview 
before any further actions on the merits. 



Rejections under 35 U,S.C. § 102 
Rejections based on the Veerina patent 



Claims 1 and 5 stand rejected under 3 5 U.S.C. 
§ 102 as being anticipated by U.S. Patent No. 6,243,379 
(hereafter referred to as "the Veerina patent") . The 
applicants respectfully request that the Examiner 
reconsider and withdraw this ground of rejection in view o 
the following. 



Claim 1 is not anticipated by the Veerina patent 
because the Veerina patent does not teach determining — — 
whether or not a packet, that has had at least a part of 
its layer 2 header replaced with a unique bit string that 
is independent of the contents of the packet, is entitled 
to access a particular service using at least a portion of 
the unique bit string. Claim 1 is reprinted below with - 
this feature depicted in bold typeface: 



A method for provisioning services to 
packets sourced from a number of client 
devices, each of the packets having at fp 
least a part of a layer 2 header 
replaced with a unique bit string that 
is independent of the contents of the 
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received packets, the method 
comprising : 

a) determining whether or not the 
packet is entitled to access a 
particular service using at least 
a portion of the unique bit 
string; and 

b) if it is determined that the 
packet is entitled to access the 
particular service, then routing 
the packet. [Emphasis added.] 

Similarly, claim 5 is not anticipated by the Veerina patent 
because the Veerina patent does not teach determining a 
quality of service level to which a packet, that has had at 
least a part of its layer 2 header replaced with a unique 
bit string that is independent of the contents of the 
packet, is entitled using at least a portion of the unique 
bit string. Claim 5 is reprinted below with this feature 
depicted in bold typeface: 



A method for providing various 
quality of service levels to packets 
sourced from a number of client 
devices, each of the packets having at 
least a part of a layer 2 header 
replaced with a unique bit string that 
is independent of the contents of the 
packets, the method comprising: 

a) determining a service level to 
which the packet is entitled using 
at least a portion of the unique 
bit string; and 

b) forwarding the packet to a 
queue associated with the service 
level determined. [Emphasis 
added . ] 

The Examiner argues that the connection-level multiplexing 
("CLM") technique discussed in the Veerina patent teaches 
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these features. (Paper No. 12, pages 2 and 3.) This is 
not correct . 

The CLM technique discussed in the Veerina patent 
does not teach determining whether or not a packet, that 
has had at least a part of it s layer 2 he a der replac ed with 
a un ique bit strin g that is independent of the contents of 
the packet, is entitled to access a particular service (or 
entitled to a particular service level) using at least a 
portion of the unique bit string. More specifically, the 
Examiner argues that the outbound packet transfer in the 
Veerina patent replaces private packet service source IP 
address and port number (arguing that a port number teaches 
a layer 2 MAC header) , uses the lookup table 16 to 
determine whether the packet is entitled to access a 
particular service of WAN links 26, and if [the address] is 
not found, then dropping the packet. Since this position 
reflects an incorrect understanding of port numbers, as 
well as an incorrect understanding of how CLM technique of 
the Veerina patent processes outbound packets, the 
applicants will address these two points below. 

First, a port number does not teach a layer 2 MAC 
header. As is understood to those skilled in the art, the 
transmission control protocol ("TCP") uses a port, along 
with the IP address of a host, to define sockets (i.e., 
sender and receiver endpoints) . TC P is a transpor t la yer 
pro tocol - - J ^yer_4_-in--the-QS-I— ^ 7— layer reference model . 
(Further, an IP addre ss is a layer 3 add ress.) 
Accordingly, replacing a port number does not teach 
replacing at least a portion of a layer 2 header with a 
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unique bit string. Accordingly, claims 1 and 5 are not 
anticipated by the Veerina patent for at least this reason. 



Second, in the CLM technique of the Veerina 
patent, if an outbound packet does not have an entry in the 
lookup table 16, a new entry is created. More 
specifically, the Veerina patent specifies: 



For packets belonging to new 
connections (i.e., without table 
entry) , LAN CLM functional module 14 
maps such packets to external WAN 
links, preferably through default or 
certain allocation criteria link 
assignments . 



Once the selection [of external 
WAN links] has been made (i.e., to map 
outgoing packet through particular 
external WAN link) , an entry is created 
or activated in the IP translation 
table, and outgoing handler translates 
and forwards such packet and connection 
information to IP router 12. Router 12 
sends data to outgoing handler when 
router has packet that is destined for 
a non-local network. 

Column 3, line 49 through column 4, line 13. See, also, 
blocks 56, 58, 60, 62 and 64 of Figure 4. Figure 5 deals 
with inbound packets that can be dropped if the packet does 
not belong to an existing connection in the translation 
table 16. However, dropping packets this way, after they 
have already been forwarded to the appropriate module 10, 
wastes network resources. That is, in the Veerina patent, 
dropping packets, if any, is performed upon egress, but 
never upon ingress, and therefore does not operate on 



packets sourced from client devices. Accordingly, claims 1 
and 5 are not anticipated by the Veerina patent for at 
least this additional reason. 

More importantly, the Veerina patent does not 
teach determining whether or not a packet is entitled to 
access a particular service, or entitled to a particular 
service level, using on at least a portion of a unique bit 
string which replaced at least a part of a layer 2 address 
and which is independent of the contents of the packet . As 
discussed in the amendment filed on March 13, 2002, the 
Examiner is interpreting the term "entitled" unreasonably 
broadly to include "addressing" . The ordinary meaning of 
entitled is to furnish with a right. See, e.g., Webster's 
II: New Riverside University Dictionary, p. 435. (Copy 
filed herewith.) The applicants did not give the term 
"entitled" a contrary meaning. Since a user can address a 
packet however they please, merely determining whether or 
not a packet is addressed to a particular device is not the 
same as determining whether or not the packet is entitled 
to go to the addressed device. For example, even if a 
properly addressed packet can be forwarded (or some other 
service), if it isn't entitled, it may not be forwarded (or 
some other service) . The applicants offered the following 
analogies : 

Address (can) Permission (may) 

Addressed Envelope Proper postage; 

Ticket to another country Passport; 



Bank Account Number 



Personal ID Number (PIN) 




During the telephone interview of June 3, 2002, 
the Examiner argued that if the packet is not properly 
addressed, it is not entitled to be forwarded. The 
applicants believe that, in the context of the present 
invention, checking perm ission and forwarding are tw o 
separate steps. For example, in Figure 19, see permission 
check 1912 (and 1962 and 1968) before forwarding 1926, 
1932, 1934 (and 1972) . The applicants have added dependent 
claim 31 to explicitly recite that address-based forwarding 
is performed separately from the entitlement determination. 
This is supported, for example, by Figure 19, which shows 
block 1912 before blocks 1926 and 1932 and blocks 1956 and 
1958 before block 1962. Accordingly, claims 1 and 5 are 
not anticipated by the Veerina patent for at least this 
additional reason. 

In view of the foregoing, the applicants 
respectfully submit that this ground of rejection should be 
withdrawn. 

Rejections based on the Dunne patent 

Claims 1-13, 15-25 and 28-31 stand rejected under 
35 U.S. C. § 102 as being anticipated by U.S. Patent No. 
5,740,375 (hereafter referred to as "the Dunne patent"). 
The applicants respectfully request that the Examiner 
reconsider and withdraw this ground of rejection in view of 
the following. 

The Dunne patent does not anticipate any of 
independent claims 1, 5, 9, 13 and 15 because it does not 
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perform any operations based on a unique bit string that 
has replaced at least a portion of a layer 2 header, let 
alone the specific actions recited in these claims. Each 
of these claims is reprinted below with at least one 
patentable feature depicted in bold typeface: 



1. A method for provisioning services 
to packets sourced from a number of 
client devices, each of the packets 
having at least a part of a layer 2 
header replaced with a unique bit 
string that is independent of the 
contents of the received packets, the 
method comprising: 

a) determining whether or not the 
packet is entitled to access a 
particular service using at least 
a portion of the unique bit 
string; and 

b) if it is determined that the 
packet is entitled to access the 
particular service, then routing 
the packet. [Emphasis added.] 

5 . A method for providing various 
quality of service levels to packets 
sourced from a number of client 
devices, each of the packets having at 
least a part of a layer 2 header 
replaced with a unique bit string that 
is independent of the contents of the 
packets, the method comprising: 

a) determining a service level to 
which the packet is entitled using 
at least a portion of the unique 
bit string; and 

b) forwarding the packet to a 
queue associated with the service 
level determined. [Emphasis 
added . ] 



8 



9. A method for monitoring packets 
sourced from a group of client devices 
defining a subset of client devices, 
each of the packets having at least a 
part of a layer 2 header replaced with 
a unique bit string, the method 
comprising : 

a) determining whether or not the 
packet belongs to the group of 
client devices using at least a 
portion of at least one of the 
unique bit string; and 

b) if it is determined that the 
packet does belong to the group of 
client devices, then 

i) copying the packet to 
generate a duplicate packet, 
and 

ii) forwarding the duplicate 
packet to a monitoring 
facility. [Emphasis added.] 



13. An apparatus for provisioning 
services to packets sourced from a 
number of client devices, each of the 
packets having at least a part of a 
layer 2 header replaced with a unique 
bit string, the apparatus comprising: 

a) an access control list; and 

b) an access controller, the 
access controller including 

i) means for determining 
whether or not the packet is 
entitled to access a 
particular service using 

A) contents of the 
access control list, and 

B) at least a portion 
of the unique bit 
string, and 

ii) means for routing the 
packet if it is determined 
that the packet is entitled 
to access the particular 
service. [Emphasis added.] 



9 




15. An apparatus for monitoring 
packets sourced from a group of client 
devices defining a subset of client 
devices, each of the packets having at 
least a part of a layer 2 header 
replaced with a unique bit string, the 
apparatus comprising : 

a) a monitoring port for 
accepting packets of the group of 
client devices to be monitored; 

b) means determining whether or 
not an accepted packet belongs to 
the group of client devices using 
at least a portion of the unique 
bit string; and 

c) means for 

i) copying the accepted 
packet to generate a 
duplicate packet, and 

ii) forwarding the duplicate 
packet to the monitoring 
port, if it is determined 
that the packet was sourced 
by a client device belonging 
to the group of client 
devices . [Emphasis added . ] 

The Examiner argues that the Dunne patent discloses a 
method for determining whether or not a received packet is 
valid based on its data link layer and if it is not valid, 
then dropping the packet. The applicants agree that the 
Dunne patent includes a very general statement about using 
a destination or source IP or MAC address, and/or a source 
port, as criteria to perform an action, such as dropping a 
packet. However, this very general statement does not 
teach the specific features of the claims. More 
importantly, this very general statement does not teach 
using a unique bit string, which replaced at least a 
portion of a layer 2 header, to make a particular 
determination . 
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The Examiner also correctly notes that the Dunne 
patent determines whether a packet is a broadcast packet 
[of a user-selected subnetwork] by examining its data link 
layer, and if it is a broadcast packet [of a user-selected 
subnetwork] , then copying the packet and replacing IP 
destination address in the copy with an IP destination 
address from a broadcast list to form a new packet. (Paper 
No. 12, pages 3 and 4.) However, this teaching of the 
Dunne patent fails to teach any of the following features:^ 

determining whether or not a packet, that has had at 
least a part of its layer 2 header replaced with a 
unique bit string that is independent of the contents 
of the packet, is entitled to access a particular 
service using at least a portion of the unique bit 
string (claim 1) ; 

determining a quality of service level to which a 
packet, that has had at least a part of its layer 2 
header replaced with a unique bit string that is 
independent of the contents of the packet, is entitled 
using at least a portion of the unique bit string 
(claim 5) ; 

determining whether or not a packet, that 
has had at least a part of its layer 2 
header replaced with a unique bit string 
that is independent of the contents of the 
packet, belongs to the group of client 
devices using at least a portion of at least 
one of the unique bit string, and if it is 
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determined that the packet does belong to 
the group of client devices, then copying 
the packet to generate a duplicate packet, 
and forwarding the duplicate packet to a 
monitoring facility (claim 9) ; 



an access controller including means for 
determining whether or not a packet, that 
has had at least a part of its layer 2 
header replaced with a unique bit string 
that is independent of the contents of the 
packet, is entitled to access a particular 
service using contents of the access control 
list, and at least a portion of the unique 
bit string (claim 13) ; or 

means determining whether or not an accepted 
packet, that has had at least a part of its 
layer 2 header replaced with a unique bit 
string that is independent of the contents 
of the packet, belongs to the group of ^ 
client devices using at least a portion of 
the unique bit string and means for copying 
the accepted packet to generate a duplicate j 
packet, and forwarding the duplicate packet 
to the monitoring port, if it is determined 
that the packet was sourced by a client 
device belonging to the group of client 
devices (claim 15) . 

That is, the Dunne patent examines a l ayer 2 inform ation, 
not a unique bit string that has replaced at least a part 
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of layer 2 header information. All of the independent 
claims are patentable for at least this reason. Moreover, 
claims 9 and 15 are further patentable because the Dunne 
patent does not teach forwarding a duplicate copy of a 
packet to a monitoring facility. 

Furthermore, although the Dunne patent does 
replace an IP (layer 3) destination address with other IP 
addresses from a broadcast list, it does so after a 
filtering operation, not before a filtering operation . 
Furthermore, replacing a IP (layer 3) destination address 
does not teach replacing at least a part of a layer 2 
header with a unique bit string. 

In view of the foregoing, independent claims 1, 
5, 9, 13 and 15 are not anticipated by the Dunne patent. 
Since the rejected dependent claims include the elements of 
the rejected base claims from which they, either directly 
or indirectly, depend, these claims are similarly not 
anticipated by the Dunne patent. 

With regard to dependent claims 3, 4, 7, 8, 11 
and 12, the Examiner argues that current IP address of the 
Dunne patent teaches a VPN-OUI and the list pointer of the 
Dunne patent teaches a VPN-Index. (Paper No. 12, page 4.) 
Both of these assertions are incorrect. IP addresses 
aren't used as an organizational universal identifier 
because different organizations could use the same IP 
address, particularly in the case of VPNs. The broadcast 
list pointer of the Dunne patent is merely used to ensure 
that a duplicate of the packet is sent to each address in 
the list. It has nothing to do with identifying a VPN. 
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Accordingly, these claims are not anticipated by the Dunne 
patent for at least these additional reasons. 

With regard to dependent claims 2, 10, 16-25 and 
28-31, the applicants note that the Examiner did not even 
address the features of these claims , as is required . (See 
MPEP 706 and 707.07(d).) If the Examiner continues to 
reject these claims in the future, the applicants request 
that the Examiner specifically address each of the features 
of these claims. 

Rejections under 35 U.S.C. § 103 

Claims 14, 26 and 27 stand rejected under 35 
U.S.C. § 103 as being unpatentable over U.S. Patent No. 
5,566,170 ("the Bakke patent") in view of the Dunne patent, 
and further in view of U.S. Patent No. 6,104,700 (hereafter 
referred to as "the Haddock patent") . The applicants 
respectfully request that the Examiner reconsider and 
withdraw this ground of rejection in view of the following. 

Claim 14 is not rendered obvious by these patents 
because these patents, either taken alone, or in 
combination, neither teach nor suggest, a service level 
controller including means for determining a service level 
to which a packet, which has had at least a port of its 
layer 2 header replaced by a unique bit string that is 
independent of contents of the packets, is entitled using 
contents of a service level list, and at least a portion of 
the unique bit string, and means for forwarding the packet 
to the one of the plurality of queues associated with the 
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quality of service level determined. Claim 14 is reprinted 
below with this feature depicted in bold typeface: 



An apparatus for providing various 
service levels to packets sourced from 
a number of client devices, each of the 
packets having at least a part of a 
layer 2 header replaced with a unique 
bit string that is independent of 
contents of the packets, the apparatus 
comprising : 

a) a plurality of queues, each of 
the plurality of queues associated 
with a particular service level; 

b) a service level list; and 

c) a service level controller, 
the service level controller 
including 

i) means for determining a 
service level to which the 
packet is entitled using 

A) contents of the 
service level list, and 

B) at least a portion 
of the unique bit 
string, and 

ii) means for forwarding the 
packet to the one of the 
plurality of queues 
associated with the quality 
of service level determined. 
[Emphasis added.] 

These features are discussed below. Moreover, one skilled 
in the art would not have been motivated to combine the 
references as proposed by the Examiner. 



The Examiner argues that the Bakke patent 
discloses a forwarding device with a plurality of queues, 
that the content addressable memory ("CAM") 128 teaches a 
service level list, that the identifier 122 teaches a 
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service level controller, and that the media header teaches 
a unique bit string. First, the buffers in the Bakke 
patent are not queues related to various service levels -- 
they hold bits that are demultiplexed or multiplexed based 
on periodic clocking. (See column 9, lines 29-49.) The 
CAM 128 is used to obtain an address used by the forwarding 
processor 108, not to determine various service levels. 
(See column 44-59.) Finally, the identifier 122 does not 
control a service level, rather it is merely used to find 
media header information of a protocol data unit. (See 
column 9, lines 57-61.) Thus, independent claim 14 is not 
rendered obvious by the Bakke, Dunne and Haddock patents 
for at least this reason. Since claims 26 and 27 depend 
from claim 14, they are similarly not rendered obvious by 
these patents. 

The Examiner relies on the replacement of IP 
destination addresses in the Dunne patent to teach a packet 
having layer 2 header information replaced by a unique bit 
string. However, since IP address is layer 3 information, 
and not found in a layer 2 header, this feature of the 
Dunne patent is irrelevant to the claimed invention. Thus, 
independent claim 14 is not rendered obvious by the Bakke, 
Dunne and Haddock patents for at least this additional 
reason. Since claims 2 6 and 2 7 depend from claim 14, they 
are similarly not rendered obvious by these patents. 

The Examiner contends that the Haddock patent 
teaches a forwarding device which determines quality of 
service levels based on a packet's IP (layer 3) address or 
its MAC (layer 2) address, and buffering the packet in a 
QoS queue associated with the determined QoS level. (Paper 
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No. 12, page 6.). The Examiner then concludes that it 
would have been obvious to apply Haddock's teaching to the 
Dunne system to provide quality of service for various QoS 
levels. Even assuming, arguendo, that this is true, the 
teaching of the Haddock patent that QoS determinations can 
be made based on a MAC address does not teach making such a 
determination based on a unique bit string that is 
independent of the packet contents, and that replaced at 
least a part of the layer 2 header as recited in claim 14 . 
Thus, independent claim 14 is not rendered obvious by the 
Bakke, Dunne and Haddock patents for at least this 
additional reason. Since claims 26 and 27 depend from 
claim 14, they are similarly not rendered obvious by these 
patents . 

Conclusion 

In view of the foregoing amendments and remarks, 
the applicant respectfully submits that the pending claims 
are in condition for allowance. Accordingly, the 
applicants request that the Examiner pass this application 
to issue. 



Respectfully submitted, 



December 11, 2002 
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